QARF: A Novel Malicious Traffic Detection Approach via Online Active Learning for Evolving Traffic Streams
Abstract
In practical abnormal traffic detection scenarios, traffic often arrives as streams that exhibit concept drift, class imbalance, and scarce labels, and effectively identifying malicious traffic under such complex conditions has become a challenge for malicious traffic detection. Researchers have extensively studied malicious traffic detection under a single one of these challenges, but the detection of complex traffic has not received wide attention. Queried adaptive random forests (QARF) is proposed for detection in traffic streams with concept drift, imbalance, and a lack of labeled instances. QARF is an online active learning approach that combines the adaptive random forests method with an adaptive margin sampling strategy. QARF obtains effective training by querying only a small number of instances from unlabeled traffic streams. We conduct experiments on the NSL-KDD dataset to evaluate the performance of QARF and compare it with other state-of-the-art methods. The experimental results show that QARF obtains 98.20% accuracy on the NSL-KDD dataset and performs better than the other state-of-the-art methods in the comparisons.